From: Anthony Liguori <anthony@codemonkey.ws>
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] Flush pending AIO on reboot and shutdown.
Date: Wed, 13 Aug 2008 14:03:13 -0500 [thread overview]
Message-ID: <48A32FF1.5040302@codemonkey.ws> (raw)
In-Reply-To: <20080813183544.GA29998@minantech.com>
Gleb Natapov wrote:
> On Wed, Aug 13, 2008 at 10:53:57AM -0500, Anthony Liguori wrote:
>
>> Now that I think about it, I think your fixing the wrong problem. The
>> issue isn't that the IO requests need to be completed, but that they
>> *will* complete which means that the IDE driver will receive a callback
>> for a request that it no longer knows about (because it was reset). So
>>
> Not exactly. IDE still knows about the request after reset (actually currently
> IDE doesn't know about reset), but the IDE code is written in such a way that
> there can be only one outstanding request in progress. When guest issues
> another request before previous request is completed global data is
> modified and first request start to use wrong data and consequences are
> unpredictable. It may be crash, image corruption, infinity recursion.
> The fact that IDE code allows to issue another request wile IDE is still
> busy is also a bug.
>
Yeah, let's fix this properly. I worry that this could be a DoS on the
part of the guest (or even worse).
>> what we really need to do is modify the IDE device such that when it is
>> reset, it cancels any pending requests.
>>
>> The fact that this reset happens as a consequence of a system reset is
>> really just a coincidence.
>>
> That will also solve the problem of cause, but what bother me is that we
> consciously drop user data that we can easily save. Why? Real HW tries
> hard to save every bit of user data and we just decided to drop it. The
> difference between cancel or complete a request may be corrupted or not
> corrupted file system after a crash.
>
I don't think of this as "saving user data". From the guest's
perspective, data is only written to disk after a write completion has
be issued. I think it's worse for data to end up being written to disk
without that completion ever being seen by the guest.
Regards,
Anthony Liguori
> I'll send updated patch.
>
> --
> Gleb.
>
>
>
next prev parent reply other threads:[~2008-08-13 19:04 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-13 13:23 [Qemu-devel] [PATCH] Flush pending AIO on reboot and shutdown Gleb Natapov
2008-08-13 13:46 ` Samuel Thibault
2008-08-13 13:59 ` Gleb Natapov
2008-08-13 14:06 ` Samuel Thibault
2008-08-13 14:25 ` Gleb Natapov
2008-08-13 14:29 ` Samuel Thibault
2008-08-13 14:40 ` Avi Kivity
2008-08-13 14:41 ` Gleb Natapov
2008-08-13 16:14 ` Samuel Thibault
2008-08-13 13:52 ` Anthony Liguori
2008-08-13 14:13 ` Gleb Natapov
2008-08-13 15:07 ` Anthony Liguori
2008-08-13 15:18 ` Avi Kivity
2008-08-13 15:47 ` Anthony Liguori
2008-08-13 16:36 ` Avi Kivity
2008-08-13 15:23 ` Gleb Natapov
2008-08-13 15:53 ` Anthony Liguori
2008-08-13 18:35 ` Gleb Natapov
2008-08-13 18:40 ` Avi Kivity
2008-08-13 18:53 ` Gleb Natapov
2008-08-13 19:04 ` Anthony Liguori
2008-08-14 10:26 ` Jamie Lokier
2008-08-13 19:03 ` Anthony Liguori [this message]
2008-08-13 22:32 ` Samuel Thibault
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48A32FF1.5040302@codemonkey.ws \
--to=anthony@codemonkey.ws \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.